Position Overview
We are looking for a highly skilled Security Analyst (Penetration Tester) to join one of South Africa’s largest and most reputable security consulting firms, based in Pretoria. This semi-hybrid role offers a dynamic and challenging environment where you will apply your expertise to perform penetration testing, vulnerability assessments, and risk analyses across a range of systems, networks, and applications. You will play a crucial role in helping the client strengthen their security posture through advanced testing and actionable security recommendations.
Key Responsibilities
- Conduct advanced penetration tests across various platforms, including web applications, networks, and internal/external infrastructures.
- Perform thorough vulnerability assessments and scans, identifying attack vectors and providing strategic recommendations.
- Prepare and deliver clear, concise penetration testing reports that outline technical findings, business impact, and risk mitigation strategies.
- Work closely with internal teams and clients to assess, document, and remediate vulnerabilities discovered during testing.
- Stay up-to-date on emerging security trends, vulnerabilities, attack methods, and penetration testing tools. Contribute to developing internal methodologies and best practices.
- Effectively communicate penetration testing results to clients, providing insights into risk levels and actionable next steps for remediation.
- Mentor junior staff and share knowledge to foster a collaborative and continuous improvement culture within the team.
Key Skills and Qualifications
- 3-5 years of experience in penetration testing or security analysis, ideally in a consulting environment.
- Hands‑on experience with penetration testing tools such as Burp Suite, Kali Linux, Metasploit, Nessus, and Nmap.
- Strong understanding of web application security (OWASP Top 10, SQL Injection, Cross‑Site Scripting, etc.).
- Expertise in network security, firewalls, IDS/IPS, VPNs, and security monitoring tools.
- Proficient in scripting languages (Python, Bash, etc.) for automation and exploit development.
- Familiarity with cloud environments (AWS, Azure, GCP) and securing cloud systems is a plus.
- Knowledge of risk management frameworks (e.g., NIST, ISO) is beneficial.
- Certifications:
  - OSCP – Offensive Security Certified Professional
  - eJPT / eCPPT – eLearnSecurity Certified Professional Penetration Tester
  - CRTP, CARTP, CRTE – Altered Security
  - PJPT, PNPT – Practical Network Penetration Tester
  - CEH, CompTIA Security+, CISSP, CISM (beneficial)
Soft Skills
- Strong analytical and problem‑solving abilities.
- Exceptional communication skills, capable of presenting technical findings in a clear and structured manner to both technical and non‑technical audiences.
- Ability to manage multiple client engagements and work independently in a fast‑paced environment.
Why Join Our Client?
- Exposure to a diverse set of clients and cybersecurity challenges, offering immense career growth opportunities.
- Access to continuous training, industry certifications, and professional development.
- Competitive salary and benefits.